Zlob

Zlob attack on Wireless Routers

by certifiedbug on June 11, 2008

in Internet Security

Brian Krebs reports for the Washington Post.
Malware Silently Alters Wireless Router Settings

Philip Sloss, a software engineer for myNetwatchman.com, said he first observed the activity while examining a Zlob variant distributed on May 22. The DNS hijack occurs, he said, during the installer program, so by the time the user sees the fake codec installer screen, the malware has already attempted to change DNS settings on the victim’s router.

I reached out to researchers at Sunbelt Software to check Sloss’s data, and Sunbelt was able to confirm that the malware successfully changed the DNS settings on a Linksys router (model BEFSX41), pulled straight out of the factory box (with the default username and password). Another test showed that the Zlob variant successfully changed the DNS settings on a Buffalo router running the DD-WRT open source firmware.

Sunbelt also found that if there are multiple machines using the same router, all of the systems connected to that router will have their traffic hijacked.


AntiSpyCheck Rogue Security Program

by certifiedbug on June 11, 2008

in Scareware Rogues

The latest rogue installed through the Zlob Trojan.

How to remove AntiSpyCheck

If you have an infected computer and would feel more comfortable being assisted by a trained malware remover helper, please start a topic at one of the forums. Short but trusted list in the right hand column.

Certifiedbug: Fake Security Programs


VirusHeat Rogue antispyware program

by certifiedbug on February 8, 2008

in Scareware Rogues

VirusHeat. Can’t say it enough, Rogue!

VirusHeat is installed on your computer when you download and install a Trojan masquerading as a video or audio codec required to view a movie on the Internet. These fake codecs are known as Zlob Trojans. Once you install these programs, though, they install VirusHeat onto your computer along with other malware without your permission.

When the Zlob Trojan is installed, it automatically downloads and installs VirusHeat onto your computer. It will then configure your computer to automatically start another Trojan that displays fake security alerts in your taskbar that state you are infected or have some other security problem on your computer. When you click these alerts, VirusHeat automatically opens and scans your computer. This scan will not only display fake and exaggerated results, but will also find the Trojan that installed it in the first place. The scam, though, is that in order to remove anything you must first pay for the commercial version of this software. It goes without saying that by no means should you purchase this scamware.

How to remove VirusHeat (Removal Instructions)
http://www.bleepingcomputer.com/forums/topic130080.html


VirusRay latest Zlob Rogue antispyware program

by certifiedbug on October 23, 2007

in Scareware Rogues

The Zlob Trojan Downloader typically poses as audio or video codecs, required to be installed on your computer so you can watch or listen to certain media.

VirusRay is just the latest infection that downloads and installs rogue anti-spyware programs and displays fake security alerts in your Windows taskbar.

When the Zlob infection downloads and installs VirusRay, VirusRay will automatically start and perform a scan of your computer. When done scanning, VirusRay will state that it found Trojans on your computer. The funny thing is that the Trojans VirusRay finds are the actual ones that were used to install it in the first place. In order to remove these Trojans, though, you will be required to purchase the full version of the software. This is obviously a scam and you should not purchase this software under any circumstances.

Removal instructions at Bleeping Computer.


Fake Security Programs

April 28, 2007

There are many Rogue antispyware programs, some of which will actually infect your machine rather than clean it. Or at the least, prove useless. Countless victims seen in the help forums are infected by the Zlob trojan, which poses as a codec (compressor/decompressor) needed to view a video, often downloaded from websites with adult content. [...]


VirusRescue added to Rogue Anti-Spyware List

August 21, 2006

VirusRescue has been noticed by the security community and gained itself a spot on the Rogue/Suspect Anti-Spyware Products & Web Sites list. Most recent additions: AntiSpyware Soldier (8-21-06), VirusRescue (8-21-06), VirusBlast (8-1-06), Spyware Removal Wizard (8-1-06), Easy SpyRemover (8-1-06), 1-2-3 Spyware Free (8-1-06), AdwareFinder (7-8-06), SpyHeal (7-8-06), Xmembytes AntiSpyware (6-13-06), TitanShield AntiSpyware (6-13-06), Trust Cleaner [...]
